ABSTRACT OF THE DISCLOSURE 



A method and system are provided for determining and enforcing security policy 
in a communication session in distributed systems. Policy encompasses the 
provisioning, authorization, and access control within the protected environment; 
hence, all communication security requirements are explicitly stated through 
policy. A policy instantiation is constructed at run-time through policy 
determination: the conditional, abstract, and discretionary policies stated by 
communication participants are reconciled to arrive at an instantiation. The 
resulting instantiation is a concrete specification of the mechanisms, configurations, 
and access control model to be implemented by the session. The semantics of an 
instantiation are achieved through policy enforcement. The policy enforcement 
architecture implements session policies through the composition and configuration 
of security mechanisms using a novel event-bus architecture: policy is enforced 
through the observation of and reaction to relevant events. The method and system 
of the invention diverge from past subscription-based event architectures by 
introducing additional infrastructure that allows significant implementation 
flexibility, robustness, and efficiency. 
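The following is an added illustration, not code from the patent application, of the two steps the abstract describes: policy determination (each participant states which mechanisms it accepts, in preference order, with conditional clauses that apply only in a given session context, and a dimension a participant does not mention is treated as abstract, i.e. it accepts whatever the others agree on), and policy enforcement (the resulting instantiation is installed as observers on an event bus, and each relevant event is accepted only if every observer agrees). All names, the policy fields, the event types and the sample policies are assumptions made for the example.

```python
"""Added example (not the patent's own code): reconcile participant policies into
a concrete session instantiation, then enforce it by observing events on a bus.
Policy fields, event names and sample policies are assumptions for illustration."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class ParticipantPolicy:
    name: str
    # dimension -> acceptable mechanisms, most preferred first (the discretionary part)
    acceptable: dict
    # "key=value" -> {dimension: allowed mechanisms}; applied only when the
    # session context matches (the conditional part)
    conditional: dict = field(default_factory=dict)


def effective(policy, context):
    """Expand the conditional clauses that hold in this context."""
    acc = {dim: list(mechs) for dim, mechs in policy.acceptable.items()}
    for cond, extra in policy.conditional.items():
        key, _, val = cond.partition("=")
        if context.get(key) == val:
            for dim, allowed in extra.items():
                # restrict (or introduce) the dimension to the allowed mechanisms
                acc[dim] = [m for m in acc.get(dim, allowed) if m in allowed]
    return acc


def reconcile(policies, context):
    """Policy determination: intersect what every participant accepts per dimension,
    then pick the candidate with the best summed preference rank (ties go to the
    first participant listed, assumed to be the session initiator)."""
    views = [effective(p, context) for p in policies]
    dims = set().union(*(v.keys() for v in views))
    instantiation = {}
    for dim in sorted(dims):
        stated = [v[dim] for v in views if dim in v]  # silent participants are abstract
        candidates = set(stated[0]).intersection(*stated[1:])
        if not candidates:
            raise ValueError(f"no mechanism acceptable to all participants for {dim}")
        instantiation[dim] = min(
            candidates, key=lambda m: (sum(s.index(m) for s in stated), stated[0].index(m)))
    return instantiation


class EventBus:
    """Observers subscribe to event types; an event is accepted only if none vetoes it."""
    def __init__(self):
        self._subs = defaultdict(list)
        self.log = []  # (event, payload, decision) records for audit

    def subscribe(self, event, handler):
        self._subs[event].append(handler)

    def publish(self, event, **payload):
        decision = all(h(payload) for h in self._subs[event])
        self.log.append((event, payload, decision))
        return decision


def install_enforcement(bus, instantiation, acl):
    """Policy enforcement: turn the instantiation into observers on the bus."""
    def check_mechanism(ev):
        # a negotiated mechanism must be exactly the one the instantiation fixed
        return instantiation.get(ev["dimension"]) == ev["mechanism"]

    def check_access(ev):
        if instantiation.get("access_control") == "acl":
            return ev["action"] in acl.get(ev["subject"], {}).get(ev["object"], set())
        return False  # assumption: any other (or missing) model denies by default

    bus.subscribe("mechanism.negotiated", check_mechanism)
    bus.subscribe("resource.access", check_access)


# Constructed sample policies: Alice requires integrity protection only on an
# untrusted network; Bob prefers the smaller cipher but accepts either.
ALICE = ParticipantPolicy(
    "alice",
    {"confidentiality": ["aes-256-gcm", "aes-128-gcm"], "access_control": ["acl", "rbac"]},
    {"network=untrusted": {"integrity": ["hmac-sha256"]}})
BOB = ParticipantPolicy(
    "bob",
    {"confidentiality": ["aes-128-gcm", "aes-256-gcm"],
     "integrity": ["hmac-sha256", "hmac-sha1"],
     "access_control": ["acl"]})


def demo(context=None):
    """Determine a session policy, enforce it, and return the verdicts observed."""
    inst = reconcile([ALICE, BOB], context or {"network": "untrusted"})
    bus = EventBus()
    install_enforcement(bus, inst, acl={"alice": {"/report": {"read"}}})
    verdicts = (
        bus.publish("mechanism.negotiated", dimension="confidentiality",
                    mechanism=inst["confidentiality"]),
        bus.publish("mechanism.negotiated", dimension="confidentiality", mechanism="rc4"),
        bus.publish("resource.access", subject="alice", object="/report", action="read"),
        bus.publish("resource.access", subject="alice", object="/report", action="write"),
    )
    return inst, verdicts


if __name__ == "__main__":
    print(demo())
```

The bus keeps a log of every observed event and the decision reached, which is the hook a defender would use to audit which events the session policy vetoed and why.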






UOM 0244 PUS 
2168 



M:\clients\U\UOM\0244pus\Application. wpd 

sandy m. 10/19/01 
sandy m. 10/20/01 
sandy m. 10/21/01 
sandy m. 10/22/01 
sandy m. 10/23/01 
Kathy 11/26/01 
sandy m. 11/27/01 






